authorJan Tojnar <jtojnar@gmail.com>2019-09-22 16:39:12 +0200
committerJan Tojnar <jtojnar@gmail.com>2019-09-22 16:39:12 +0200
commit11c2b06dd2cf9ea86920ff9bb3939a3f5eb41a27 (patch)
treec137efcba7e4188db3b58c60f7b5565e3c6ca05c /nixos
parent76b7dd1ba95c6cef48a2e71c427287a2d12c07ab (diff)
parent1bd03f0379318a370563ae721a7ab3af6ef8e095 (diff)
Merge branch 'master' into staging-next
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/web-apps/wordpress.nix22
-rw-r--r--nixos/modules/system/boot/kernel.nix2
-rw-r--r--nixos/tests/wordpress.nix11
3 files changed, 20 insertions, 15 deletions
diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix
index 88475437058..e311dd917dd 100644
--- a/nixos/modules/services/web-apps/wordpress.nix
+++ b/nixos/modules/services/web-apps/wordpress.nix
@@ -61,6 +61,19 @@ let
     ?>
   '';
 
+  secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ];
+  secretsScript = hostStateDir: ''
+    if ! test -e "${hostStateDir}/secret-keys.php"; then
+      umask 0177
+      echo "<?php" >> "${hostStateDir}/secret-keys.php"
+      ${concatMapStringsSep "\n" (var: ''
+        echo "define('${var}', '`tr -dc a-zA-Z0-9 </dev/urandom | head -c 64`');" >> "${hostStateDir}/secret-keys.php"
+      '') secretsVars}
+      echo "?>" >> "${hostStateDir}/secret-keys.php"
+      chmod 440 "${hostStateDir}/secret-keys.php"
+    fi
+  '';
+
   siteOpts = { lib, name, ... }:
     {
       options = {
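Review bot: The `secretsVars` list on the first added line spells one entry `"LOOGGED_IN_KEY"`, so the generated `secret-keys.php` defines a constant nobody reads and never defines `LOGGED_IN_KEY`; the entry should be `"LOGGED_IN_KEY"`. WordPress presumably falls back to a database-stored key when the constant is missing, so nothing fails visibly, but the login-cookie key is then not the locally generated one. Because of the `test -e` guard, hosts that already ran this script keep the misspelled file after a fix and need it regenerated. The same guard also means an interrupted first run leaves a partial file that later runs skip; building the content in a temporary file in `${hostStateDir}` and moving it into place with `mv` once complete would avoid that.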
@@ -340,14 +353,7 @@ in
           wantedBy = [ "multi-user.target" ];
           before = [ "phpfpm-wordpress-${hostName}.service" ];
           after = optional cfg.database.createLocally "mysql.service";
-          script = ''
-            if ! test -e "${stateDir hostName}/secret-keys.php"; then
-              echo "<?php" >> "${stateDir hostName}/secret-keys.php"
-              ${pkgs.curl}/bin/curl -s https://api.wordpress.org/secret-key/1.1/salt/ >> "${stateDir hostName}/secret-keys.php"
-              echo "?>" >> "${stateDir hostName}/secret-keys.php"
-              chmod 440 "${stateDir hostName}/secret-keys.php"
-            fi
-          '';
+          script = secretsScript (stateDir hostName);
 
           serviceConfig = {
             Type = "oneshot";
diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix
index 50dbf2f8365..8a309f3bc5f 100644
--- a/nixos/modules/system/boot/kernel.nix
+++ b/nixos/modules/system/boot/kernel.nix
@@ -108,7 +108,7 @@ in
     boot.extraModulePackages = mkOption {
       type = types.listOf types.package;
       default = [];
-      example = literalExample "[ pkgs.linuxPackages.nvidia_x11 ]";
+      example = literalExample "[ config.boot.kernelPackages.nvidia_x11 ]";
       description = "A list of additional packages supplying kernel modules.";
     };
 
diff --git a/nixos/tests/wordpress.nix b/nixos/tests/wordpress.nix
index 774ef6293b5..c6acfa6c1f3 100644
--- a/nixos/tests/wordpress.nix
+++ b/nixos/tests/wordpress.nix
@@ -20,12 +20,6 @@ import ./make-test.nix ({ pkgs, ... }:
       };
 
       networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];
-
-      # required for wordpress-init.service to succeed
-      systemd.tmpfiles.rules = [
-        "F /var/lib/wordpress/site1.local/secret-keys.php 0440 wordpress wwwrun - -"
-        "F /var/lib/wordpress/site2.local/secret-keys.php 0440 wordpress wwwrun - -"
-      ];
     };
 
   testScript = ''
@@ -37,6 +31,11 @@ import ./make-test.nix ({ pkgs, ... }:
 
     $machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
     $machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
+
+    $machine->succeed("systemctl --no-pager show wordpress-init-site1.local.service | grep 'ExecStart=.*status=0'");
+    $machine->succeed("systemctl --no-pager show wordpress-init-site2.local.service | grep 'ExecStart=.*status=0'");
+    $machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site1.local/secret-keys.php");
+    $machine->succeed("grep -E '^define.*NONCE_SALT.{64,};\$' /var/lib/wordpress/site2.local/secret-keys.php");
   '';
 
 })
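Review bot: The two added `grep -E '^define.*NONCE_SALT.{64,};\$'` checks are weaker than they look, because `.{64,}` also counts the quote, comma, space and closing-parenthesis characters around the value, so a secret as short as 58 characters would still pass. A pattern that pins the value itself, such as `'^define.*NONCE_SALT[^a-zA-Z0-9]+[a-zA-Z0-9]{64}[^a-zA-Z0-9]+\$'`, would test what the generator is meant to produce. Only `NONCE_SALT` is checked, so a misspelled or missing name among the other seven constants in `secretsVars` goes unnoticed; repeating the check for each name would catch that. Since the file holds secrets, an assertion on its mode (for example with `stat -c %a`) would also be worth adding. The `testScript` string starts above this hunk.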